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using the secret key of the public-secret key pa/r, and storing the result in the document 
carrier. 

26. A method according to Claim 25 of issuing an END, further comprising gen- 
erating a time stamp representing the tinie of issue and storing this with the END in the 
tamper-resistant document carrier before the encryption step. 



t 



t 27. A method according to Claim 25 of issuing an END, including the step of cal- 

\ 

:ulating a hash value of the END and/or the time stamp value and storing this hash 



. y ..... 6 _ 

\^/v jJH^vulating a hash value of the END an 
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value instead of the full END in |he tamper-resistant document carrier, before the said 
encryption step. 



28. A method according to Claim 25 of issuing an END, in which the document 
carrier identifier is a device ^number and the END identifier is a serial number. 



29. A method according to claim 25 of issuing an END, in which the END identi- 
fier is supplemented witl/data representing a water mark unique to the issuer. 



30. A method according to claim 25 of issuing an END, comprising the step of 
calculating a hash value of the data to be encrypted by said secret key, in place of the full 
data. 
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31 . A method according to claim 25 of jfssuing an END, in which the document 
carrier stores a negotiability status flag indicative of whether the END stored therein in 
negotiable or non-negotiable, and includingythe step of setting the flag to "negotiable" 
after the result of the encryption has been stored in the document carrier. 

32. A method according to claim 25 of issuing an END, in which the document 
carrier includes a counter for counting a serial number, indicative of the number of times 
that the END has been negotiated since issue, and comprising the step of setting the 

/ 

counter to zero after the result of the encryption has been stored in the document carrier. 

/ 

t 

I 

33. A tamper-resistant document carrier adapted to store an END in accordance 
with the method of claim 25, Comprising read only software for controlling the steps of 



storing the END, encrypting'the END and other data with the pre-stored secret key, and 



storing the result in a memory. 



34. A document carrier according to Claim 33, in which the memory includes a 
negotiability status flag/capable of being set either to "negotiable" or to "non-negotiable*. 

35. A document carrier according to Claim 33, in which the memory includes a 
counter for storing a/serial number representative of the number of times the END has 
been negotiated. 
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36. A method of negotiating an END between a seller and a buyer each possess- 
ing a tamper-resistant document carrier havinjyits own public-secret key pair, in which 
the END is stored in the seller's document carrier in the form of END data, and the sig- 
nature generated by the secret signing-key of a document carrier of the issuer of the END, 
together with a negotiability status flag indicative of whether the END is currently nego- 
tiable from the document carrier on which it is stored, comprising establishing mutual 
recognition and verification between tne seller and buyer using one or more predeter- 
mined protocols between the respective document carriers; verifying in the seller's docu- 
ment carrier that the negotiability status flag is "negotiable" and aborting the negotiation 
if not; sending the public encryption key of the buyer's document carrier to the seller's 
document carrier, and using it to epicrypt the message comprising the END together with 
the negotiability status flag; sending that encrypted message to the buyer; decrypting that 
message using the buyer's secrei decryption key, and setting the negotiability status flag 
for that END of the buyer's and seller's document carriers respectively to ^non- 



negotiable" and "negotiable"./ 
/\ j 

37. A method of negotiating an END between a seller and, a buyer each possess- 
ing a tamper-resistant document carrier having its own public-secret key pair, in which 
the END is stored in the seller's document carrier in the form of END data, and the sig- 
nature generated by the secret signing key of a document carrier of the issuer of the END, 
together with a serial number counter indicative of the number of times that the END has 
been negotiated since isspe, comprising establishing mutual recognition and verification 
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between seller and buyer using one or more predetermined protocols between the respec- 
tive document carriers; verifying in the seller's document carrier that the END, if it has 
been stored previously in that document carrier/has a different counter value this time 
and is therefore negotiable; sending the publics encryption key of the buyer's document 
carrier to the seller's document carrier, and using it to encrypt the message comprising the 
END together with the counter; sending that encrypted message to the buyer; decrypting 
that message using the buyer's secret decryption key, and incrementing the counter by 
one. / 

38. A method according to/Claim 36, in which each document carrier is installed 
originally with a certificate comprising a digital signature of its unique identifier and of 
its public key. / 

39. A method according to Claim 37, in which each document carrier is in- stalled 
originally with a certificate comprising a digital signature of its unique identifier and of 
its public key. / 

40. A method according to Claim 38, in which the certificate unique to the docu- 
ment carrier on whiclythe END was originally issued is stored with the END in the 
seller's document earner. 



5 



PATENTS 
105005-0044C1 



41 . A method according to Claim 39, in which the certificate unique to the docu- 
ment carrier on which the END was originally issued is stored with the END in the 
seller's document carrier. / 

42. A method according to Claim 38, in which the certificate of the buyer's docu- 
ment carrier is sent to the seller's document earner in which it is authenticated and the 
negotiation is aborted if authentication fails./ 

| / 43. A method according to Claiiy39, in which the certificate of the buyer's docu- 

y ment carrier is sent to the seller's document carrier in which it is authenticated and the 
negotiation is aborted if authentication fails. 

44. A method according to Claim 36, in which the buyer's document carrier, after 
decrypting the message using its Secret key, verifies the signature of the issuer on the 
END, and informs the issuer in me event that authentication fails. 

45. A method according to Claim 37, in which the buyer's document carrier, after 
decrypting the message using its secret key, verifies the signature of the issuer on the 
END, and informs the issuef in the event that authentication fails. 

46. A method according to Claim 25, of issuing an END on a document-carrier 
followed by a method oflnegotiating an END between a seller and a buyer each possess- 
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ing a tamper-resistant document carrier having its own public-secret key pair, in which 
the END is stored in the seller's document carrier in the form of END data, and the sig- 
nature generated by the secret signing-key of a document carrier of the issuer of the END, 
together with a negotiability status flag indicative of whether the END is currently nego- 
tiable from the document carrier on which it/is stored, comprising establishing mutual 
recognition between the seller and buyer using a predetermined protocol between the re- 
spective document carriers; verifying in the seller's document carrier that the negotiability 
status flag is "negotiable" and aborting Ahe negotiation if not; sending the public encryp- 
tion key of the buyer's document carrier to the seller's document carrier, and using it to 
encrypt the message comprising thetfiND together with the negotiability status flag; 
sending that encrypted message t<yttie buyer; decrypting that message using the buyer's 
secret decryption key, and setting the negotiability status flag for that END of the buyer's 
and seller's document carriers respectively to "non-negotiable" and "negotiable". 



47. A method according to Claim 25, of issuing an END on a document-carrier 
followed by a method of negotiating an END between a seller and a buyer each possess- 
ing a tamper-resistant document carrier having its own public secret key pair, in which 
the END is stored in the seller's document carrier in the form of END data, and the sig- 
nature generated by the secret signing key of a document carrier of the issuer of the END, 
together with a serial number counter indicative of the number of times that the END has 
been negotiated since issue, comprising establishing mutual recognition between seller 
and buyer using a predett rmined protocol between their respective document carriers; 
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verifying in the seller's document carrier that the END, if it has been stored, previously in 
that document carrier, has a different counter value this time and is therefore negotiable, 
but aborting the negotiation if it is not negotiable; sending the public encryption key of 
the buyer's document carrier to the seller's document carrier, and using it to encrypt the 
message comprising the END together witn the counter; sending that encrypted message 
to the buyer; decrypting that message using the buyer's secret decryption key, and incre- 
menting the counter by one. / 

48. A method according to Claim 26, of issuing and END on a document- carrier 
followed by a method of negotiating /an END between a seller and a buyer each possess- 
ing a tamper-resistant document cadrier having its own public-secret key pair, in which 
the END is stored in the seller' s document carrier in the form of END data, and the sig- 
nature generated by the secret signing-key of a document carrier of the issuer of the END, 
together with a negotiability status flag indicative of whether the END is currently nego- 
tiable from the document carrier on which it is stored, comprising establishing mutual 
recognition between the seller and buyer using a predetermined protocol between the re- 
spective document carriers; verifying in the seller' s document carrier 'that the negotiabil- 
ity status flag is "negotiable" and aborting the negotiation if not; sending the public en- 
cryption key of the buyer's document carrier to the seller's document carrier, and using it 
to encrypt the message comprising the END together with the negotiability status flag; 
sending that encrypted message to the buyer; decrypting that message using the buyer's 
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secret decryption key, and setting the negotiability sratus flag for that END of the buyer's 
and seller's document carriers respectively to "nor^negotiable" and "negotiable". 

49. A method according to Claim 26, of issuing an END on a document-carrier 
followed by a method of negotiating an END between a seller and a buyer each possess- 
ing a tamper-resistant document carrier having its own public secret key pair, in which 
the END is stored in the seller's document carrier in the form of END data, and the sig- 
nature generated by the secret signing key of a document carrier of the issuer of the END, 
together with a serial number counter indicative of the number of times that the END has 
been negotiated since issue, comprising establishing mutual recognition between seller 
and buyer using a predetermined protocol between their respective document carriers; 
verifying in the seller's document carrier that the END, if it has been stored previously in 
that document carrier, has a different counter value this time and is therefore negotiable, 
but aborting the negotiation if it is not negotiable; sending the public encryption key of 
the buyer's document carrier to the seller's document carrier, and using it to encrypt the 
message comprising the END together with the counter; sending that encrypted message 
to the buyer; decrypting that message using the buyer's secret decryption key, and incre- 
menting the counter by one. 

50. A method according to Claim 48, in which the buyer's document carrier, after 
decrypting the message with its secret key, verifies that the END is still valid by taking 
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its time stamp, and, if it has expired, informs the issuer of this, and aborts the negotiation 
before M^kiB©irtk*g4he counter or setting the negotiation status flag. 

A J 

5 1 . A method according to Claim 49, in which the buyer's document carrier, after 

decrypting the message with its secret key, verifies that the END is still valid by taking 

its time stamp, and if it has expired, informs the issuer of this, and aborts the negotiation 

before iraptemsatifig-the counter or setting the negotiation status flag. 
A / 

52. A method according to Claim 36, including recovering the negotiation of an 
END which has previously broken down, by providing the buyer's document-carrier with 
the necessary secret key which/has been reproduced by the issuer or by a trusted third 
party. / 

53. A method according to Claim 37, including recovering the negotiation of an 
END which has previouslyf broken down, by providing the buyer's document-carrier with 
the necessary secret key which has been reproduced by the issuer or by a trusted third 
party. / 

54. A method according to Claim 36, including recovering an END lost from a 
primary document-carrier, by activating a back-up document-carrier "which has previ- 
ously been provided with back-up data reproduced from the primary document-carrier. 

/ 10 
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55. A method according to Claim 37, including recovering an END lost from a 
primary document-carrier, by activating a back-up document-carrier which has previ- 
ously been provided with back-up data reproduced from the primary document-carrier. 

56. A method according to Claim 52, comprising inhibiting the recovery until the 
expiry of the predetermined period off validity of the END. 



57. A method according to Claim 53, comprising inhibiting the recovery until the 
expiry of the predetermined period of validity of the END. 



58. A method according to Claim 54, comprising inhibiting the recovery until the 
expiry of the predetermined period of validity of the END. 



59. A mefcod according .0 Cairn 55, coding inhibiting *. reeve* unu, «,e 

k 

expiry of the predetermined period of validity of the END. 



60. A methoy of negotiating an END, sold by a seller to a buyer, in which the 
buyer splits the END electronically into two or more parts and then negotiates those parts 



separately to one or more further buyers, wherein the total value represented by all parts 
remains the same as the value of the END. 
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